A home or small business computer user may be targeted for a distributed denial of service (DDOS) attack by just about any other Internet user to whom the IP address of the home or small business computer is exposed.
Unlike other Internet vulnerabilities like viruses and spam, heretofore there have been no patches, personal firewalls, or other technical measures that business or individuals using DSL or cable mode-based Internet connections can take that will guarantee or more surely secure immunity from such attacks.
It is known that a DDOS attack against the IP address of a home or small business computer or network can effectively disconnect all users at that address. Tools to launch such an attack against any low bandwidth IP address (“broadband connection” over DSL or cable) are readily available on the Internet. The bandwidth needed is below that of interest to Internet service providers (ISPs), and the amount of resulting monetary damages generally lower than that required to secure the interest and assistance of local or federal authorities.
Low bandwidth, directed attacks could be a significant risk to telecommuters. Since the congestion is severe at the user, too many packets are dropped to continue normal TCP sessions. A home firewall is not the answer. A home firewall could block malicious packets or unwanted packets from an end user. The problem is that in a DDOS attack, there is too much traffic reaching the end user. Thus, there is so much traffic that the end user cannot deal with the inbound flood of traffic that will be eventually blocked by the home firewall. So while the firewall attempts to work, it cannot handle all of the traffic. This causes legitimate connections to be severed or never initiated.